Wednesday, February 20, 2013

Some useful command with iproute2

As I wrote more than 2 years ago, the network tools (often referred as net-tools) ifconfig, netstat and route that should be familiar to anyone that has worked with a terminal, have been deprecated in favour of the iproute2 suite from some years.
iproute2 is intended to replace this entire suite of legacy Unix networking tools that were previously used for the tasks of configuring network interfaces, routing tables, and managing the ARP table, but which have not been developed since 2001.
You can find some examples of the usage of the iproute commands on my articles about:
- Policy routing
- Socket Statistics on Linux
- MAC Address Managment on Linux
And today I want to share with you some of the most useful commands that you can use with this “new” suite of commands and the translation of some old commands that we were all used to use on the terminal.

Interface configuration

With this task you can set an interface up and configure an IP address over it, so 2 classic command with ifconfig were:
[ ~]# ifconfig eth0 up
[ ~]# ifconfig eth0 netmask
With iproute2, control of interfaces themselves – both physical and logical – is through the link subcommand. Bringing up eth0 can be done with
[ ~]# ip link set eth0 up
While to add an IP address to an interface you can use:
[ ~]# ip addr add dev eth0
If you prefer you can use also this notation:
[ ~]# ip addr add dev eth0
To verify the result, or just check which IP addresses are configured on your system you can use:
[ ~]#ip addr ls
[ ~]#ip addr show
[ ~]#ip addr ls eth0
The first 2 command gave exactly the same output, while the third just shows the IP of the eth0 device.

Creating ethernet alias

Assuming that your eth0 IP is and you would like to create an alias eth0:0 with IP You would use:
ifconfig eth0:0 up
Where the key was to put :number to indicate that the IP was an alias, with iproute2 you can simply use the same command :
[ ~]# ip addr add dev eth0


What’s the modern alternative of the command route -n ?
A simple:
[ ~]# ip ro
The output is slightly different but you get exactly the same information:
[me@mydesktop ~] route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface         UG    0      0        0 wlan0     U     1000   0        0 wlan0   U     9      0        0 wlan0
[me@mydesktop ~] ip ro
default via dev wlan0  proto static dev wlan0  scope link  metric 1000 dev wlan0  proto kernel  scope link  src  metric 9
And to add and remove routes you can use the syntax ip ro add|del destination via gateway, so to add and remove a route to the lan I could use:
[me@mydesktop ~]# ip ro add via
[me@mydesktop ~]# ip ro del via

Find the Route to an IP Address

If you have multiple interfaces and switch between them (eth0 for work, wlan1 for home, tun0 for vpn) and you want to get the ip and gateway of the interface actually used to connect to an IP try this:
[ ~]# ip route get IP
So for example you could use the IP (Google DNS server) to check which interface the computer will use:
[me@mydesktop ~] ip route get via dev wlan0  src
So to reach my desktop uses wlan0, the gatway located at and the private ip


In iproute2 there is also a subcommand equivalent to the traditional arp -na, useful to know the ARP table on a UNIX machine.
You can get the same result with iproute2 using ip neighbor, with ip n being the shortened extreme:
[me@mydesktop ~] ip neigh dev wlan0 lladdr 00:18:4d:af:a0:64 REACHABLE
So what are you waiting for ?
It’s time to switch to the “new” iproute suite, the commands are easy and powerful !

